ORLANDO, Fla. -- Health IT security is at the forefront of many healthcare CIOs' minds, whether because of impending HIPAA audits or fear of hackers.

SearchHealthIT caught up with Patrick Anderson, CIO at Ochsner Health System in New Orleans, to ask him how he manages the health IT security of his system, despite the various threats out there.

"We haven't had any security breaches yet, but everybody is vulnerable, so we've done two things: We've created a cyber task force to oversee our cyberprojects, but we've also hired a third-party company to come in and help us with cyberevent planning, and we've trained the whole C-suite on what to do in the event of a cyberevent," Anderson said at the College of Healthcare Information Management Executives' CHIME15 Fall CIO Forum. "[We've] also worked with internal communications, so that we can handle our patients and our providers and our workforce, so that we can manage an event appropriately."

However, Anderson admits that Internet of Things security poses a challenge because it's very difficult for an IT organization to manage and monitor the risk of every connected device. "You have to do a thorough security review of anything that connects to your health systems' data network," he said.

And that includes third-party apps, which are notoriously insecure. Anderson said he approaches securing third-party apps by putting compensating controls around them.

"We do compensating controls around those third-party apps and we segregate them, so they try to stay by themselves. Often, these third-party apps are running on older operating systems, and they're legacy applications, and you really can't upgrade them to more secure infrastructure and secure operating systems," he said. "You literally have to approach cyberwarfare from many fronts."
